24 Sep 2012, 07:28
24 Sep 2012, 19:11
Malwarebytes.
Logs.
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B5DAFB2-24E2-4FB6-AF50-BA46ACB9798A}
IE:64bit: - HKLM\..\SearchScopes\{3B5DAFB2-24E2-4FB6-AF50-BA46ACB9798A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{27D73A2F-591A-460C-AA32-4D1CDD64A9A9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=UT2V5&o=15158&src=crm&q={searchTerms}&locale=en_US
IE - HKCU\..\SearchScopes\{1FE475E7-AFDE-4BBB-84B8-3D79887B4252}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledAddons: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.19.1
FF - prefs.js..extensions.enabledAddons: [email protected]:2.1.0.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\daria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\daria\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\daria\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C4C46EE-4C03-4F4F-85D5-9C7F5072F587}: C:\Users\daria\AppData\Local\{4C4C46EE-4C03-4F4F-85D5-9C7F5072F587} [2010-08-22 02:02:44 | 000,000,000 | ---D | M]
[2010-10-11 23:16:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daria\AppData\Roaming\mozilla\Extensions\Coder Preset
[2010-10-11 23:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daria\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010-10-11 23:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daria\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard
[2012-05-16 14:00:22 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\daria\AppData\Roaming\mozilla\Firefox\Profiles\35z4w15w.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011-03-28 01:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daria\AppData\Roaming\mozilla\Firefox\Profiles\35z4w15w.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2012-06-23 01:21:36 | 000,056,403 | ---- | M] () (No name found) -- C:\Users\daria\AppData\Roaming\mozilla\firefox\profiles\35z4w15w.default\extensions\[email protected]
[2012-07-24 15:21:14 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\daria\AppData\Roaming\mozilla\firefox\profiles\35z4w15w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011-10-20 05:47:25 | 000,002,354 | ---- | M] () -- C:\Users\daria\AppData\Roaming\mozilla\firefox\profiles\35z4w15w.default\searchplugins\aol-web-search.xml
[2010-03-17 18:56:39 | 000,002,257 | ---- | M] () -- C:\Users\daria\AppData\Roaming\mozilla\firefox\profiles\35z4w15w.default\searchplugins\askcom.xml
[2011-03-15 12:22:18 | 000,000,923 | ---- | M] () -- C:\Users\daria\AppData\Roaming\mozilla\firefox\profiles\35z4w15w.default\searchplugins\conduit.xml
[2010-03-18 12:51:25 | 000,001,589 | ---- | M] () -- C:\Users\daria\AppData\Roaming\mozilla\firefox\profiles\35z4w15w.default\searchplugins\web-search.xml
[2010-03-17 05:03:41 | 000,001,196 | ---- | M] () -- C:\Users\daria\AppData\Roaming\mozilla\firefox\profiles\35z4w15w.default\searchplugins\winamp-search.xml
[2007-03-09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.7.2)
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Files
C:\Program Files (x86)\Google\Update
C:\Users\daria\AppData\Local\Google\Update
C:\found.*
C:\1fc8cff98d6e6ca5526060b71e6c5d37
C:\Program Files (x86)\Lexmark Toolbar
C:\Windows\tasks\*.*
C:\Windows\SysWow64\TempWmicBatchFile.bat
C:\Users\daria\AppData\Local\Temp\*.html
C:\Users\daria\AppData\Local\f90162846a294810057a5fec7ead6939.dat
:Commands
[emptyflash]
[clearallrestorepoints]
[emptytemp]
24 Sep 2012, 19:34
24 Sep 2012, 23:15
:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.556
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O4 - HKU\S-1-5-21-721860029-2518159788-3134409728-1000..\Run: [Google Update] "C:\Users\daria\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
:Files
C:\Users\daria\AppData\Local\Temp\*.html
25 Sep 2012, 02:32
25 Sep 2012, 08:35
25 Sep 2012, 21:32
sanchez.z wrote: Admittedly, dear Mati, it found nothing, see for yourself http://www.wklej.eu/index.php?id=3ecb11a32c, yet the games still keep minimizing themselves. Why is that?
26 Sep 2012, 02:08
26 Sep 2012, 07:40
Pangia wrote: Hmmm... Surges in the keyboard? There are several shortcuts and keys that will minimize, say, a game: switching windows with Alt+Tab, opening Task Manager (Ctrl+Alt+Del), opening the Start menu (the Windows key). Sometimes the applications themselves also have a few shortcuts, mainly for quitting, but occasionally for minimizing too (e.g. F9 in Soldat - I have no idea why they added it, but that's another story) or for leaving the game (e.g. in Stalker, pressing Q in the menu closes the game without any prompt - I can't count how many times I accidentally quit that way, losing an unsaved game).
26 Sep 2012, 15:10
26 Sep 2012, 20:10
19 Oct 2012, 23:24